On 8/7/20 12:00 PM, Rowland penny via samba wrote:
> On 07/08/2020 19:46, Simon Matthews via samba wrote:
>> I have a network with a Samba server (Samba 4, but running as an old
>> NT-style domain), Windows and Linux clients.
> You really should consider upgrading to AD,
>> Is there any way to have the Windows client access map to just "user",
>> with its Linux UID? What should I expect with a machine that is joined
>> to a domain -- or is the problem that the Linux client is not actually
>> joined to the domain? If so, how do I fix this?
>
> Can we start by seeing your smb.conf files from your PDC and a linux
> client, also what OS is the client running.
>
> Rowland
The client is running CentOS 7:
# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
After another attempt, I have successfully joined the linux client to
the domain:
# net rpc join MEMBER -S raidserver -U root%<password>
Using short domain name -- BLUE
Joined 'TURQUOISE' to domain 'BLUE'
Note that the hostname of the Linux client is actually "H2". Turquoise
is a holdover from what it was earlier. "turquoise" resolves on the
network:
$ ping turquoise
PING h2.sj.bps (192.168.254.105) 56(84) bytes of data.
64 bytes from h2.sj.bps (192.168.254.105): icmp_seq=1 ttl=64 time=0.264 ms
Client config:
========
grep -v ^# /etc/samba/smb.conf
[global]
workgroup = BLUE
password server = raidserver
security = domain
idmap config * : range = 16777216-33554431
template shell = /bin/false
kerberos method = secrets only
winbind use default domain = false
winbind offline logon = true
username map = /etc/samba/usermap.txt # This file is empty.
server string = Samba Server Version %v
netbios name = TURQUOISE
# client ntlmv2 auth = yes
# ntlm auth = no
interfaces = lo eth1
local master = no
os level = 20
preferred master = no
wins support = no
load printers = no
cups options = raw
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[build2]
comment = build2 on Turquoise
path = /export/build
browseable = yes
writeable = yes
guest ok = yes
[install]
comment = install on Turquoise
path = /mnt/newbuild2/install
browseable = yes
writeable = yes
guest ok = yes
[squish]
comment = squish on Turquoise
path = /mnt/newbuild2/TestArea
browseable = yes
writeable = yes
guest ok = yes
[build4]
comment = build4 on Turquoise
path = /build4
browseable = yes
writeable = yes
guest ok = yes
[build-H4]
comment = build4 on Turquoise
path = /build4
browseable = yes
writeable = yes
guest ok = yes
Config on PDC (raidserver):
================
# grep -v ^# /etc/samba/smb.conf
[global]
workgroup = BLUE
netbios name = RAIDSERVER
server string = Samba Server %v
interfaces = 192.168.254.3, 127.0.0.1
bind interfaces only = yes
map to guest = Bad User
smb passwd file = /etc/samba/private/smbpasswd
log file = /var/log/samba3/log.%m
log level = 1
max log size = 500
# socket options = IPTOS_LOWDELAY TCP_NODELAY
socket_options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# write cache size = 262144
printcap name = cups
os level = 64
# WINS support must be present for domain logins
wins support = yes
dns proxy = No
ldap ssl = no
domain master = yes
domain logons = yes
enable privileges = yes
security = user
local master = yes
preferred master = yes
#logon path = \\%N\profiles\%U
logon path logon home = \\raidserver\%U
logon drive = h:
logon script = logon.bat
passdb backend = tdbsam
#null passwords = yes
time server = yes
dos filetimes = yes
max protocol = SMB3
map untrusted to domain = yes
[netlogon]
path = /local/samba/netlogon
read only = yes
browseable = no
[profiles]
path = /local/samba/profiles
read only = no
create mask = 0666
directory mask = 0700
browseable = no
[homes]
comment = Home Directories
path = /home/%S
invalid users = root
read only = No
browseable = No
dos filetime resolution = yes
[home]
comment = Home Directories
path = /home/
invalid users = root
read only = No
browseable = Yes
dos filetime resolution = yes
[build2]
comment = Home Directories
path = /home/build2
invalid users = root
read only = No
browseable = No
dos filetime resolution = yes
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
browseable = No
# printer admin = root,simon
[print$]
path = /var/lib/samba/printers
write list = @adm, root
guest ok = Yes
read only = yes
browseable = yes
# printer admin = root,simon
[export]
comment = Export dir
path = /export
invalid users = root
admin users = simon
read only = No
dos filetime resolution = yes